Search Postgresql Archives

Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Kyotaro,

We want to revoke server certificate, just don't know why doesn't take affect
https://www.postgresql.org/docs/11/ssl-tcp.html
https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE

Kyotaro Horiguchi <horikyota.ntt@xxxxxxxxx> 于2021年12月1日周三 下午2:12写道:
At Tue, 30 Nov 2021 21:53:06 +0800, Yi Sun <yinan81@xxxxxxxxx> wrote in
> # cat /home/sunyi/tls/root.crt /home/sunyi/tls/1/root.crl > /tmp/test_1.pem
> # openssl verify -extended_crl -verbose -CAfile /tmp/test_1.pem -crl_check
> /home/sunyi/tls/1/server.crt

I guess what you really wanted to revoke was not server.crt but
postgresql.crt.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux